4.3 Million HealthEquity Users Hit by Major Data Breach
HealthEquity, one of the largest providers of health savings accounts in the United States, reported a significant data breach affecting the information of 4.3 million individuals. The company...
View ArticleCritical OpenSSH Vulnerability “regreSSHion” Threatens macOS Users
Apple has confirmed that macOS systems are vulnerable to a severe OpenSSH vulnerability dubbed “regreSSHion” (CVE-2024-6387). This unauthenticated remote code execution (RCE) flaw could allow attackers...
View ArticleDigiCert Forced to Revoke Thousands of Certificates Due to Domain Validation...
Leading digital certificate authority DigiCert has announced an urgent revocation of thousands of its SSL/TLS certificates due to a non-compliance issue in its domain control verification (DCV)...
View ArticleNorth Korean Hacker Indicted: Ransomware on Hospitals Funds Military Espionage
A North Korean hacker has been indicted in the U.S. for allegedly using ransomware attacks on American hospitals to finance espionage activities against military and government targets. The hacker, Rim...
View ArticleReport: DDoS Attacks Decline, But Large-Scale Threats Surge
The Dutch National Scrubbing Center (NaWas), which protects its participants from DDoS attacks, recorded a significant decrease in the number of attacks in the second quarter of this year. Between...
View ArticleAI-Driven Phishing-as-a-Service: GXC Team Raises the Stakes in Cybercrime
Group-IB reports on the activities of the Spanish-speaking cyber group GXC Team, which uses phishing kits with malicious Android applications. The cybercriminals offer comprehensive MaaS solutions,...
View ArticleNetwork Equipment Under Siege: New Report Exposes Widespread Vulnerabilities
A new report by NetRise analyzes the software composition, vulnerabilities, and non-CVE risks present in corporate network equipment—routers, switches, firewalls, VPN gateways, and wireless access...
View ArticleEchoSpoofing: Millions Targeted in Proofpoint Email Breach
An unknown attacker exploited a vulnerability in the email routing settings of Proofpoint to send mass fraudulent messages impersonating well-known companies such as Best Buy, IBM, Nike, and Walt...
View ArticleProgress Software Issues Security Alert for MOVEit Transfer Users: CVE-2024-6576
Progress Software, the developer of the popular MOVEit Transfer managed file transfer solution, has warned customers about a new high-severity vulnerability (CVE-2024-6576) that could allow attackers...
View ArticleMalware Exploiting IoT Devices on the Rise, SonicWall Warns
SonicWall has published its mid-year Cyber Threat Report for 2024. In the first half of the year, there was a significant increase in supply chain attacks, a rise in malware targeting Internet of...
View ArticleCVE-2024-5670 (CVSS 9.8): Critical Vulnerability Exposes Softnext Email...
Taiwan’s CERT (Computer Emergency Response Team) has issued a critical warning regarding a severe vulnerability in Softnext’s Mail SQR Expert and Mail Archiving Expert email management systems. This...
View ArticleFake Google Authenticator Ads Spread Malware Through Google Search
Cybersecurity researchers at Malwarebytes Labs have uncovered a malicious campaign where threat actors impersonate Google to spread malware through fake ads for Google Authenticator. The ads, which...
View ArticleMassive XSS Threat: Millions of Websites Vulnerable via OAuth Flaw
A critical vulnerability in the OAuth authentication standard has been discovered, potentially exposing millions of websites and their users to account hijacking and data theft. Cybersecurity experts...
View ArticleCritical Vulnerability in Hosted Email Services Exposes Users to Spoofing...
A newly discovered vulnerability in multiple hosted email services has raised significant concerns regarding email security. This vulnerability allows authenticated attackers to bypass sender identity...
View ArticleCritical Vulnerability in VoWiFi Implementations Exposes Millions to...
A team of security researchers has discovered critical vulnerabilities in the Voice over Wi-Fi (VoWiFi) implementations of major smartphone manufacturers and mobile network operators (MNOs). This...
View ArticleUrgent Chrome Update: Google Patches Critical Security Flaw (CVE-2024-6990)
Google has issued an urgent security update for its widely-used Chrome browser, patching three vulnerabilities, one of which is rated “critical.” The vulnerabilities, tracked as CVE-2024-6990,...
View ArticleCritical GeoServer RCE Flaw CVE-2024-36401 Actively Exploited, 6,284...
Security threat monitoring platform Shadowserver has revealed that 6,284 GeoServer instances exposed to the Internet are vulnerable to critical remote code execution (RCE) attacks. This vulnerability,...
View ArticleW3C Slams Google’s Cookie Reversal: Privacy at Risk?
Earlier, Google Chrome announced that it would no longer phase out third-party cookies. This decision implies that advertising networks can continue to use traditional methods to track users across...
View ArticleSpecula Tool Weaponizes Microsoft Outlook Vulnerability: New Threat for Email...
A new tool called Specula is transforming Microsoft Outlook from a productivity tool into a potent weapon for cybercriminals. Developed by TrustedSec, Specula allows attackers to remotely execute code...
View ArticleDouble Trouble: DDoS and Internal Errors Cause Major Microsoft Azure Outage
Yesterday, Microsoft’s cloud computing service, Microsoft Azure, experienced another outage. Since many of Microsoft’s services, especially Microsoft 365, also run on Microsoft Azure, the outage...
View Article